cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
229
Views
0
Helpful
2
Replies

DNAC to ISE Integration

M Talha
Level 1
Level 1

Hi All,

I am integrating DNAC with ISE for external authentication and has setup all the policy and TACACS AVPair for Super admin, Network Admin and Observer but still unable to login vi active directory user credentials. On DNAC under system 360 i can see external auth servers show green checks showing connected and active, but on the ISE node under PXGRID shows offline (XMPP). I tried removing pxgrid and adding it again from DNAC but still it shows same behavior as offline.

Regards,

Talha

1 Accepted Solution

Accepted Solutions

Watch this video to learn how to integrate Cisco ISE with Cisco DNAC. Other Cisco Enterprise Networking YouTube Channels: http://cs.co/sda-youtube http://cs.co/routing-videos http://cs.co/ise-videos http://cs.co/dnac-youtube http://cs.co/EN-Programmability-Videos
2 Replies 2

@M Talha 

This video can be helpful for you.

https://www.youtube.com/watch?v=dKy9SYo0LvA

Watch this video to learn how to integrate Cisco ISE with Cisco DNAC. Other Cisco Enterprise Networking YouTube Channels: http://cs.co/sda-youtube http://cs.co/routing-videos http://cs.co/ise-videos http://cs.co/dnac-youtube http://cs.co/EN-Programmability-Videos

Ben Walters
Level 3
Level 3

When you try logging in what do the logs in ISE say? Are you getting a success in ISE but not being allowed to log in to DNAC? 

I had a similar issue and I ended up having to create a new Authz profile specifically for DNAC, we have our main Authz profile that has several AVPair attributes that work for various devices but DNAC denied access when any other AVPair attributes were present in the Authz response. 

our DNAC specific profile looks like this 

BenWalters_0-1725465375667.png

Outside of that it is set up like any other network device we have.